koobas.hobune.stream
Authenticating a user to a server using a UserId stored in PlayerPrefs
Every question about PlayerPrefs security seems to revolve around securing offline game saves and making them harder to temper with.
My question is different as I have an authoritative server. However, I'm struggling with a way to authenticate users as safely and seemlesly as possible, I'm now thinking of storing a custom auto generated and unique UserId in PlayerPref. The user would than be able to copy it manually into other devices that would then also be able to use the same user account by storing the ID in their own PlayerPrefs.
My questions about PlayerPrefs secure-ness then are:
1. Can a malicious app be able to get access to the PlayerPrefs of another app?
2. Or just, somehow, access them remotely?
3. Are PlayerPrefs somehow accessible to a determined hacker on a locked device (assuming he doesn't know the passcode)?
5. And on PlayerPrefs handling by android and iOS: Are PlayerPrefs wiped for whatever reasons on a device? When the app update? When the OS is updated? Randomly?
6. Am I overthinking this?
First advice: Don't persistently store login information on the device.
I can answer your 5th point: PlayerPrefs (at least on Android) are wiped, when the appis uninstalled. They persist through updates. And to Question 3: Any information is accessible to a determined hacker.
Why not use the Google/iTunes account for identification?
Thanks for the advices! At this moment, I'm actually using GameCenter/GooglePlay to authenticate user. The thing is, it add a step in the logging process that can be quite long, especially for Game Center apparently. I'd like to speed things up by doing the login entirely between my server and the client.
I'd like to identify them with GooglePlay/GameCenter/Facebook or whatever, only on the first connection from a device.
